Hi Mark, I'm not clear what you mean by RRAS on ISA itself. Do you want to set up a VPN server or VPN gateway? Or, as you trying to make the ISA Server a VPN client? Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] Sent: Saturday, March 29, 2003 1:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Howto make ISA server a VPN client http://www.ISAserver.org Thanks Tom. That's understood (hey I've got the book), but how does RRAS on ISA itself behave? Can I create a vpn connection there using l2tp? Mark > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > Sent: Saturday, March 29, 2003 5:43 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Howto make ISA server a VPN client > > > http://www.ISAserver.org > > > Hi Mark, > > You're welcome for the flowers ;-) > > ISA Server does not apply firewall policy to any VPN links. > These include inbound VPN client connections, VPN gateway > connections, and outbound PPTP connections from internal > network clients to external VPN servers. So, if you want to > establish a VPN connection from your internal SMTP server to > your ISP, the ISA Server won't get in the way, as long as > you're using PPTP. > > HTH, > Tom > > Thomas W Shinder > www.isaserver.org/shinder > ISA Server and Beyond: http://tinyurl.com/1jq1 > Configuring ISA Server: http://tinyurl.com/1llp > > > > -----Original Message----- > From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] > Sent: Friday, March 28, 2003 8:08 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Re: Howto make ISA server a VPN client > > > http://www.ISAserver.org > > > Hi Tom, > > No I was not feeling like being laughed at, and thanks for the flowers > :-) > It seemed to me that the idea of dequeuing mails by using a > vpn connection was considered to be hum.. inadequate to say > the least :) > > I do however understand that the solutions proposed here may > fit my needs, and I'm still reading up on that and I have to > have a litle chat with my provider. > > To get back to the more theoretical question contained in my original > mail: > besides from any smtp issues, would it be possible to create > a vpn connection in RRAS? Or more precisely, is any > connection made in RRAS on the isa server itself considered > to be "internal" or "external"? Or even somewhere in between? > I'm a bit confused about that. If it's internal, things are > clear - l2tp vpn wouldn't be possible... > > Thanks > mark > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] > > Sent: Wednesday, March 26, 2003 1:27 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Howto make ISA server a VPN client > > > > > > http://www.ISAserver.org > > > > > > Hi Mark, > > > > I don't think anyone meant to laugh at you, and your > English is better > > than my German, and its probably better than my English! :-) > > > > However, maybe its ignorance on my part, but I don't see > any way were > > VPN would fit into this equation. Maybe I don't understand your > > problem, but it sounds like you have an SMTP server on your network > > that you want to dequeue messages on your ISP's SMTP > server. If that's > > the case, I don't see how VPN would fit into making this work. > > > > TRN and ETRN sound like the answer to your problem. But I > also think > > you need to get a dedicated IP address, or at least host > your own SMTP > > server and using a DDNS provider like TZO so that changing IP > > addresses aren't a problem. > > > > HTH, > > Tom > > > > Thomas W Shinder > > www.isaserver.org/shinder > > ISA Server and Beyond: http://tinyurl.com/1jq1 > > Configuring ISA Server: http://tinyurl.com/1llp > > > > > > > > -----Original Message----- > > From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] > > Sent: Tuesday, March 25, 2003 2:02 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] Re: Howto make ISA server a VPN client > > > > > > http://www.ISAserver.org > > > > > > Good morning, > > > > Well I'm happy to see that I can contribute some amusement > :) I think > > I will have to explain the problem in more detail to shed a > light on > > this. > > > > The thing is, I don't really know enough about configuring a unix > > machine to deliver mails, that's entirely up to my > provider. There's > > two providers we're talking about, one being the one to > supply dial up > > access, the other one a smaller company which does web, > mail and DNS > > hosting. This one's a friend of mine, and I wanted to switch to SMTP > > delivery a) to get rid of all the spam I receive and b) to > > come closer to a real life scenario with my exchange server > > which I need to do some lab work and testing. > > > > So the question was how to make this work. I said that ETRN > was not an > > option because it does not "open" a communication than rather > > triggering a second connection. After I did some reading, I > am not too > > shure altogether if that's true. But anyway that's what my provider > > said. If it's not that way and ETRN does initiate a communication, > > then Jim's right and this would be a way to go. The FQDN could be > > provided by a DDNS server. > > > > The idea of making a vpn connection of some kind came from > a similar > > setup with a dedicated ip and a dial-up connection. In that > scenario, > > the customer's (i.e. my) server is the primary mx and the > provider is > > the secondary mx. Using VPN would make any auth on the smtp side > > obsolete and means very little configuration, because my provider > > would only have to make my internal ip address the primary > mx. You get > > the picture? > > > > Jim wrote that ISA NAT doesn't handle IPSec - that would > apply only if > > the VPN connection is made from the exchange server right? > That's why > > I thought I might go this way: > > > > Exchange - ISA|VPN start - internet - VPN end|mail provider > > > > Not an option I guess, huh? > > > > One more thing I'd like to say: it's a good thing that > there is such a > > list where one can have his problems discussed, and I really do > > appreciate your help. But for instance in this thread, I > didn't really > > get an answer to my original questions. I mean, this could be a > > problem of communication, I sometimes think that I don't express > > myself clear enough - of course english is not my native language, > > maybe that's the reason. The ETRN problem left aside, it > could be any > > other scenario involving VPN and I asked the question to get a > > better understanding on what's possible and some feedback. It > > would be great if one of you could write a couple of lines. > > > > Thanks for listing > > Mark > > > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a > > blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Exchange Server Resource Site: http://www.msexchange.org/ Windows > > Security Resource Site: http://www.windowsecurity.com/ > Windows 2000/NT > > > Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion > > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email > > to $subst('Email.Unsub') > > > > > > Free Trial Software: Monitor & Manage Web Use with > SurfControl Web Filter for MS ISA Server > http://www.surfcontrol.com/go/zisadl1 > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: > http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a > blank email to $subst('Email.Unsub') > > Free Trial Software: Monitor & Manage Web Use with > SurfControl Web Filter for MS ISA Server > http://www.surfcontrol.com/go/zisadl1 > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Exchange Server Resource Site: http://www.msexchange.org/ > Windows Security Resource Site: > http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email > to $subst('Email.Unsub') > Free Trial Software: Monitor & Manage Web Use with SurfControl Web Filter for MS ISA Server http://www.surfcontrol.com/go/zisadl1 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')